Do I need antivirus on my computer?

Tips & tricks
6 mins
Bug icon displayed on laptop

Tl;dr: No, antivirus software no longer reliably protects against malware threats. To understand why, read below about the history of malware, what antivirus software does, and whether you truly need an antivirus to protect your computer.

While computer science had theorized self-replicating computer programs since the late 1940s, it was only in 1971 that the first virus, called Creeper, was created.

Creeper didn’t do any particular harm; it could only display a message. The second computer virus in existence, dubbed Reaper, was created with the sole purpose of destroying Creeper. Another 15 years filled with mostly harmless and experimental viruses went by before Brain was born. 

Brain was a virus written by two Pakistani brothers in 1986, intended to track pirated copies of their heart-monitoring program. Things escalated quickly and Brain spread to many more machines than anticipated as it was the first virus to spread via floppy disks. The writers released the virus with no malicious intent, and it didn’t do any damage besides slowing down floppy disk drives. Indeed, they even included their names, address, and phone numbers in the software.

The Morris Worm was the first computer virus

Just two years after Brain made its debut, in November 1988, the first virus spread across the internet. The writer, Robert Tappan Morris, didn’t intend any harm either, but that didn’t protect him from being the first person convicted under the then-new 1986 Computer Fraud and Abuse Act.

Though the Morris Worm was not built to wreak damage, a few programming errors allowed it to disable over 6,000 computers in just a few hours—around 10% of the internet at the time. It’s estimated the worm caused between 100,000 USD and 10 million USD in damages at the time. The irony is that we know the scale of the attack because the virus was created to calculate the size of the internet.

The Morris Worm was a wake-up call for many, and it helped kick-start the emerging antivirus industry. John McAfee founded the eponymous company that made him famous in 1987, and more antivirus companies emerged shortly after. In 1988, Avira was founded in Germany by Tjark Auerbach. Then, later the same year, Pavel Baudiš and Eduard Kučera created Avast in the Czech Republic. And in 1991, Norton Antivirus was founded in the United States.

How antivirus programs work

Antivirus programs typically work by maintaining a list of all known viruses. Every digital file can be identified by what’s called a hash, and each hash uniquely represents a known virus.

Hashes are always only a few characters long, no matter how large the file is, and they can be calculated relatively easily. This makes it possible to store many hashes together in a downloadable database.

The hash approach worked particularly well when there were only a limited number of viruses. AV-Test, one of the popular maintainers of such databases, reported in 1994 to have just over 28,000 viruses on file. By 1999, that number was close to 100,000.

Despite slow beginnings, the number of viruses started growing exponentially. By 2014, there were 37 million virus hashes; just a year later there were 64 million. That’s an increase of over 70,000 per day.

Viruses have become largely polymorphic, which means they behave like biological organisms and mutate slightly each time they replicate. While the essential function of the virus will stay intact, it can no longer be uniquely identified by its hash.

Because of these mutations, antivirus programs also monitor the behavior of software in general. Unfortunately, it becomes tough to separate the behavior of a legitimate application from an illegitimate one, as no programming functions can be uniquely attributed to viruses. As a result, antivirus programs either tend to miss threats or detect false positives.

Frequent false positives can easily train a person to quickly approve a potential threat found by the antivirus software, a bit like the boy who cried wolf.

‘Allow all’ antivirus became ‘deny all’ browsers

Modern operating systems and browsers are built with polymorphic viruses in mind. While the old security model often evolved around a philosophy of ‘allow all, then add exceptions,’ today’s applications and systems are built to deny everything until the user specifically allows it.

Threats such as viruses and hacking attempts have become so numerous that even antivirus dictionaries with millions of entries will likely miss some, and viruses evolve so quickly that no iterations are the same.

Today’s malware rarely spreads on its own, but instead relies on a person to install and spread it. You may be tricked into installing malware from an email attachment purporting to be from your bank, or it may come bundled with pirated software you downloaded.

As such, antivirus software rarely works in its current form. It’s expensive, may slow down your computer, interfere with other software, and give you a false sense of security. Here is what you can do instead:

The best ways to keep your system safe

A backed-up and up-to-date operating system is the frontline of defense against unwanted code running on your computer.

1. Keep your system up to date

Any threat to your system will look to find bugs and loopholes to exploit. While bugs are not particularly rare, they’re usually patched fast enough to stop vulnerabilities from becoming large-scale security issues.

It’s important to keep your phone, your computer, and all apps and programs updated too, to defend against malware. This can sometimes be tiresome, especially if any updates can’t install automatically, but it’s the most important thing to keep your system safe.

2. Back up your files regularly

Even if you keep your system up to date, there’s still a tiny chance it may be infected with a virus. New threats that have yet to be analyzed and discovered constantly develop, and potentially, even ones specifically targeting you. It’s unlikely that an antivirus will be able to defend you against all such threats.

Make regular backups of all your data and keep them on a separate drive, ideally unplugging the drive after you make the backup. This will let you start quickly again with a fresh installation of your operating system, often the only guaranteed way to get rid of a virus, with minimal data loss.

Does a VPN protect me against viruses?

While a VPN makes it impossible for your Wi-FI provider or malicious hackers on the same public network to inject malicious code into your browsing sessions, a VPN alone doesn’t protect you against viruses.

Viruses and other malware may secretly make their way onto your computer through unencrypted websites and adware embedded in the ads you see. Our user-friendly apps for Windows and macOS come with a built-in tracker blocker and ad blocker. When you connect, powerful encryption secures your connection, helping protect you from threats, which is especially helpful on unsecured public Wi-Fi networks.

 

Get ExpressVPN

Even when using a VPN, you still need to be careful with email attachments and downloads. You should never open files with suspicious formats such as .exe, .jar, or .js, and only open files from sources that you trust. When in doubt about an attachment from a trusted contact, try reaching out to them through a separate channel to verify the authenticity of their message.

Yes, you can still run antivirus software

There’s no significant harm in running an antivirus program, as long as it’s only one (two such programs will likely interfere with each other). If you find your system to be slow or programs no longer running smoothly after installing antivirus software, consider switching providers.

Running an antivirus program largely helps protect those around you with unpatched and outdated systems, and it makes sure you don’t inadvertently spread virus-corrupted files, even when they can’t infect your computer.

Antivirus software can also help you identify threats that are buried deep in your backups or other files. Even if they can’t infect your updated computer, you probably don’t want them on your system.

Get ExpressVPN

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.